mod_security causes time stamps in apache logs to appear in GMT

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 5
  • httpd-2.2.3-22
  • mod_security-2.5.9-1.el5

Issue

  • When mod_security is installedthe few first requests after server start logs the local time but after that it just logs GMT time regardless of platform
[05/Aug/2010:10:36:14
+0200] 9184 GET /ing.css  304 707 Mozilla/4.0
(compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322;
.NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
WT_FPC=id=27c747fa8e7e47cb4611275995109717:lv=1277383262595:ss=1277383045484;
Ucookie=cod=1; s_nr=1279792026441; s_cc=true; s_gts=1;
s_mca=TraficoDirectoxxTraficoDirecto; s_sq=%5B%5BB%5D%5D;
divrstw=di520020; ASPSESSIONIDCCRCRRBA=EBNPKICBAHNKDPFMBEEAKBEK;
JSESSIONID=877E2776C64EC7232CA3D6A42DB9ACF8.des_da_internet_preda1

[05/Aug/2010:08:36:22 +0000] 9184 POST
/ing.xhtml ?f=rCUB548bLS 200 706798
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET
CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
WT_FPC=id=27c747fa8e7e47cb4611275995109717:lv=1277383262595:ss=1277383045484;
Ucookie=cod=1; s_nr=1279792026441; s_cc=true; s_gts=1;
s_mca=TraficoDirectoxxTraficoDirecto; s_sq=%5B%5BB%5D%5D;
divrstw=di520020; 

Resolution

Copy /etc/localtime to desired /<dir>/etc/.

Root Cause

Apache calls time routines of arp lib, which call gmtime and mktime. They read /etc/localtime to figure out the local time zone of the machine, when in modsecurity root (chroot) is changed to a <dir> where there is no /<dir>/etc/localtime things break.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

1 Comments

How to install mod_security on RHEL5?

It doesn't seem to be present in default channel.

[dariusz.panasiuk as root@ows401-pop1~]#cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.6 (Tikanga)
[dariusz.panasiuk as root@ows401-pop1~]#yum search mod_security
Loaded plugins: rhnplugin, security
Warning: No matches found for: mod_security
No Matches found
[dariusz.panasiuk as root@ows401-pop1~]#

Regards

Dariusz